Products & Services

Raqeeb MSS

With an ever growing security concerns like increasing zero day attacks, DoS, DDoS, etc. enterprises often lack response and remediation process in place. There is a constant pressure to meet ever evolving regulatory requirements which maintaining high standards or performance and low cost of operations.

Gap and Maturity Assessments

The gap and maturity assessment is a fast track analysis to establish an understanding on organizations’ information security capabilities. The purpose of this activity is to evaluate the current capabilities of organizations against relevant areas of best practices, so that gaps can be identified. This exercise is designed to give Senior management a better indication of where the organization stands in terms of the relevant standard, and what effort is required to be compliant.

Internal Audit

Internal auditing is an independent, objective assurance and consulting activity designed to evaluate compliance, and improve an organization’s governance, risk management and management controls. This service involves onsite independent assessment and fact finding and a report which provides insight and recommendations based on analyses and assessments of data and business processes. I(TS)2 provides Internal Audit for following standards:

ISO 27001- Information Security Management System

ISO 22301 – Business Continuity

ISO 20000 – Service delivery Management

Standards Establishment, Implementation & Certification

This service involves facilitatingour clients to establish, implement, manage, maintain following management systems:

ISO 27001- Information Security Management System

ISO 22301 – Business Continuity

ISO 20000 – Service delivery Management

We ensure that all the requirements for certification are well met and facilitate organization to achieve desired management system certification.

Physical Security Review

The objective of this service is to assess and evaluate an organization’s physical security controls, identify any shortcomings, and to provide recommendation via a report. Typically it comprises of review of physical Access Control;Vehicle Access Control;Security Guards Control; Environmental Controls;Life Safety Controls;Equipment Controls; and other Concerns.

Cyber Security Risk Assessment and Management

This Service comprises of establishing a tailored risk methodology for to assess, evaluate, modify and mitigate the cyber security risk for an organization.During risk assessment critical organizational services are identified, and related information security threats and vulnerabilities are determined and eventually risk is evaluated. A mitigation plan is established to address the information security risks which are not acceptable. At the end of engagement a comprehensive report will be created to summarize all risks, their values, mitigation plans, risk owners and due dates.

Cyber Security Policies & Procedures

I(TS)2 helps organizations help develop policies and procedures that sets out a framework of governance and accountability for information security management commitment across an organization.
Procedures describe how each policy will be put into action in the organization, and gives a detailed step-by-step how to fulfill a specific task or activity.

Information security Organization

This services aims at addressing:

Establishing Cyber Security structure and hierarchy in an organization

Establishing Cyber Security roles and responsibilities and explicit assignment for the employees (RASI)

Identifying key roles and responsibilities for main roles in security program such as CIO, Security Manager, Security Unit, end users.

Vulnerability Assessment

The objective of a vulnerability assessment service is to identify and assess all possibly present vulnerabilities in the IT network or infrastructure and report it to the customer. The end result is a report which produced prioritizing list of vulnerabilities& suggests remediation.

External Penetration Testing

External penetration testingis an offensive security analysis of an IT infrastructure’s defensesagainst attacks from the Internet. External penetration testing involves mimicking the actions of an external hacker, with the purpose of simulating a cyber-attack or gaining access to confidential information through the Internet. This type of testing checks for vulnerabilities in the IT infrastructure’s external perimeter that may lead to a breach of confidentiality, integrity and accessibility of data

Internal Penetration Testing

Internal penetration testing is an analysis of IT infrastructure security within a corporate network. Internal penetration testing involves simulation of actions of a malicious employee. This type of testing checks for vulnerabilities in the internal network that may lead to a breach of confidentiality, integrity and accessibility of data.

Web Application Penetration Testing

Web application penetration testing is to ensure the security of the most critical information by identifying known and unidentified vulnerabilities within the web application layer. The security assessments are performed on any web-based application, including all industry-leading application platforms. Our methodology is aligned with leading practices such as OWASP, WASC.

Mobile Application Penetration Testing

The objective of a mobile application penetration testing is to identify and assess all possibly present vulnerabilities in the mobile application and report it to the customer. Mobile Application testing includes:

Client side testing

Network side testing

Server side testing

Our team is fully capable of performing assessment on android, iOS, and windows platforms.

Wireless Penetration Testing

Wireless Penetration testing is to test the effectiveness of the Wireless security Controland also to analyses the Weakness and Critical wireless network vulnerabilities.

Secure Code review

Secure code review is a specialized task involving manual and/or automated review of an application’s source code in an attempt to identify security-related weaknesses (flaws) in the code.

Security Analysis of Industrial Systems (APCS, SCADA)

The purpose of the security analysis of industrial systems is to provide an objective and independent assessment of the current level of protection of an industrial system. The scope of this process includes verification of the network demarcation, security of applications, the ability to upgrade the operator’s access rights, security of operating systems, the safety of controllers and other system components.

DDoS Simulation Testing

DDoS Testing gives enterprises the unique opportunity to carry out comprehensive, simulated attacks. Designed to emulate real-life DDoS attack scenarios, the fully customizable and controllable tests expose system vulnerabilities and allow enterprises to put their security strategies to the test.

Threat Hunting & Compromise Assessment

A Threat Hunting &Comprise assessment is an advanced threat detection service tailor made for organization suspected a data breach. The service identified and detects the contemporary cyber threats that already exists in your organization. I(TS)2 team of consultants will investigate your infrastructure to pinpoint accuracy and precisely detect who, what, where, when and how you have been attacked, and simultaneously provide corrective actions.

Social Engineering

Social engineering testing is use to test and manipulate the organization employees into allowing unauthorized access to confidential information. This provides perception into how effective the organization’s policies and procedures are at countering social engineering threats, how well the employees follow to established policies and procedures, and the level of security awareness that exists among employees.

Red Teaming

The Red Teaming Test simulates a situation where our team of qualified consultants and target your organization’s vulnerable assets.By simulating real life attackers. The results produce perceptions into how potential vulnerabilities can affect your business and how they can be effectively treated. This exercise also tests the maturity of your current incident response processes.

Forensic Investigations

The Forensic investigation service examines digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information incident.

SOC Assessment

SOC assessment is a review of components associated with any typical security operations center. The service comprises of:

Hardware Specifications Validations

SIEM Configuration review

SIEM Log Volume Capacity Study

SIEM Use-Case relevancy check

Data-Sources integration review

Incident handling process review

Escalation Process review

SOC staff augmentation

Secure Architecture Review

The Secure architecture Review is areview of your current Network architecture from a security perspective. The study is based on International acclaimed standards and best practices. The core of the engagement involves understanding your business requirements, architectural design review, verifying your network design flows, and assessing your current security technologies in place. The end result is a detailed report which identifies weaknesses and the measure to be taken to address them. Also, a technology roadmap is provided to the customer as a part of the report.

Secure Configuration Review

A configuration review provides a comprehensive and detailed security audit of network components such as switches , servers and routers, to ensure that weaknesses in their configuration are identified and remediated, reducing the risk of a security incident.

Solutions

I(TS)2, is a security focused company, and caters for state of the art & cutting edge cyber security technologies. The technologies catered by I(TS)2 are based on deep study of emerging threats and have been hand picked to target the most persistent cyber security issues faced by organization’s today.

We have a strong partnership with top leading security vendors in every cyber security domain. Mentioned below are our strategic partners.

Domain

Vendors

Security Information Event Management (SIEM)

Next Generation Firewalls

Data Loss Prevention (DLP)

Endpoint Detection & Response

Web Application Firewalls

Advance Malware Protection

Web Email Security

Endpoint Security

Network modeling and risk scoring platform

Social Network Security

Threat Intelligence Platforms

Social Engineering Defense

Vulnerability Management

Professional Services

I(TS)2 Cybersecurity Professional Services team comprises of certified security professionals trained to stay actively informed of the rapidlychanging landscape of security threats. Our professional services team can deliver a robust, tried and tested solution that has been specifically designed for you, to manage some of the biggest concerns in cyber security today. Our team ensures that the customer gets the expected functionality in the best possible manner.

The ever-rising tide of cyber-threats and increasingly sophisticated cyber-attacks force you to constantly assess your Network technology and your current cyber security products. I(TS)2 meets the need with cost-effective professional services that assess your risks, identify the right technologies to meet them, and ensureoptimal configuration of these technologies in your environment.

Local Support Services

I(TS)2 provides SLA driven local support programs. Some salient features of our program are as below:

Ideally, for such engagements Clients have to provide the venue, the class room requirements and refreshments while I(TS)2 shall provide the instructor, material and proctor the official exam if requested.

For Public training I (TS)2 arranges for the venue either in luxurious hotel or at the I(TS)2 Academy Centre in Riyadh. The class room requirements, lunch and refreshments, courseware material and proctor for the official exam on the last day of the training are provided as well.

Information Security Needs Assessment

Anchored against international best practices and standards, the main objective of this acitivity is to identify the gap between the current target audience awareness, training and education status and the target status (gaps) and to develop detailed methodology and roadmap to fill this gap. Our methodology in conducting TNA is based on meet-in-the-middle between the adopted standards and the client’s objectives.

Courseware Design and Customization

In accordance with the clients’ requirements and objectives, we design or customize existing clients’ courseware material based on international best practices, current technological advancements and well known Quality Assurance approaches.

Awareness Campaigns

This service involves establishing and implementing a full awareness Campaigns for an organization. Depending on the requirement of organization this service can comprise of services, such as:

Content /messages development,

Workshops ( Senior Management, IT department, General users)

banners/ brochures/posters design,

Booklet

Video, etc

Learning Management Systems

Our information security awareness Learning management system is designed to strengthen the first ity line of defense within your organization- Your people. Our courses enable participants to understand and know how to implement best information security practices. It provides following features:

Promotional Items

This service involves developing a unique set of security awareness products, with catchy images and clever slogans, which will attract the attention of individuals and assist in establishing a security positive environment within the organization, where staff will act and think instinctively in a way which promotes good information security practice. All of the products can be delivered in English and Arabic.

The focus on this stage is to develop not only specific contents for the materials but also high quality promotional items that which would be based on the customer’s organization theme. These designs of the contents would reflect organizations brand and image, and would be made to fit not only content but the context also. Some examples of promotional items are:
Cups/ pens/ USB with messages,
Posters booklets.

Outsourcing

For several years, I(TS)2 has been providing top quality staff augmentation resources in several security related fields to clients all around the kingdom. This includes Government, Banking, Education and the Private Sector. On many occasions our resources impress our customers to the extent that our clients hire them directly. We offer Outsourcing in follow modes: